Hi All
This is my second SOS this week as I get acquainted with Splunk. I've exhausted all possibilities trying to solve this problem... I'm part way there and I'm hoping someone can provide inspiration or enlightenment.
I'm attempting to create a dashboard that shows the build outcome for a number of services over the last 5 builds executed.
The query I use to extract and tabulate the raw data is as follows:
index="osesat-dev-01" source=fluentd environment="test-b" platform_region="eu-west-1" kubernetes.pod_name="trufflehog*" OR kubernetes.pod_name="sat-ctrlr-*" app_name=* request_uuid="*"
| rex field=artifact_source ".*/(?<svc_name>.*)"
| fields - _raw
| fields _time, request_uuid, app_name, svc_name, artifact_source, artifact_branch, build_id, kubernetes.pod_name, test_type, test_tool
| join request_uuid [search index="osesat-dev-01" source=fluentd environment="test-b" platform_region="eu-west-1" request_uuid="*" kubernetes.pod_name="trufflehog*" OR kubernetes.pod_name="sat-ctrlr-*" result="success" OR result="fail"
| fields - _raw
| fields _time, request_uuid, artifact_source, artifact_branch, build_id, result, kubernetes.pod_name, report, "High Entropy count"]
| dedup 5 app_name
| table app_name, svc_name, build_id, result
| sort -time
My problem is when it comes to charting the 5 most recent builds. I'd like 5 columns called:
"Latest Build", "Latest Build -1"....... "Latest Build -4".
Under each of these columns, we'd see a 'Success' or 'Fail' status with a separate row for each service.
However the Build ID fields contain Build IDs specific to each service e.g. 5 most recent builds for service 1 and service 2 could be as follows:
Service 1: Build 119, Build 118, Build 117, Build 116, Build 115
Service 2: Build 20, Build 19, Build 18, Build 17, Build 16
I am having a lot of difficulty trying to reconcile the unique Build IDs to the 5 columns representing the most recent build history.
When I use "Chart over by" or "xyseries" I get 10 columns if I chart the Service 1 and Service 2 example above - I can't figure out how to rename the columns.
When I use "transpose", I can rename the columns; I can get the outcome I want when I report build history against a single service, but I have problems when I try to chart build history for multiple services.
Please see the below, which provides an overview of the data table produced:
Service Name | Build ID | Build Status
--------------------|------------|--------------
webgoat | Build 20 | fail
webgoat | Build 19 | success
webgoat | Build 18 | fail
webgoat | Build 17 | fail
webgoat | Build 16 | fail
pipeline-svc | Build 119 | success
pipeline-svc | Build 118 | success
pipeline-svc | Build 117 | fail
pipeline-svc | Build 116 | fail
pipeline-svc | Build 115 | success
Any workarounds greatly appreciated.
Thanks,
jimmy
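One way to get the five fixed columns described in the post, as an added example that is not part of the original post: number each service's builds from newest to oldest, turn that position into the column name, then pivot. The sample rows are constructed from the table in the post, `build_num`, `rank` and `column` are hypothetical field names, and the example assumes `build_id` contains the numeric build number and that `makeresults format=csv` is available in the Splunk version in use.

```spl
| makeresults format=csv data="svc_name,build_id,result
webgoat,Build 20,fail
webgoat,Build 19,success
webgoat,Build 18,fail
webgoat,Build 17,fail
webgoat,Build 16,fail
pipeline-svc,Build 119,success
pipeline-svc,Build 118,success
pipeline-svc,Build 117,fail
pipeline-svc,Build 116,fail
pipeline-svc,Build 115,success"
| eval build_num = tonumber(replace(build_id, "\D", ""))
| sort 0 svc_name, -build_num
| streamstats count AS rank BY svc_name
| where rank <= 5
| eval column = if(rank == 1, "Latest Build", "Latest Build -" . (rank - 1))
| xyseries svc_name column result
| table svc_name, "Latest Build", "Latest Build -1", "Latest Build -2", "Latest Build -3", "Latest Build -4"
```

Against the real data, everything from the `eval build_num` line onward would follow the `table app_name, svc_name, build_id, result` step of the original query. Because the columns are keyed on per-service position rather than build number, "Latest Build -1" refers to a different build ID in each row.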